Describe the bug
The /comply:pack-assessment skill does not have the compliance-mapping.json as part of the tasks for completion. This is required for the complypack bundle since it packages the .rego files that need to be mapped to the Gemara policy bundle assessment plan requirement-ids.
To Reproduce
Steps to reproduce the behavior:
- complyctl generate --policy-id # should not work unless the
compliance-mapping.json is there
Expected behavior
The comply:pack-assessment skill should create the compliance-mapping.json and include it in the complypack bundle when publishing to ghcr.
Screenshots
Resolved path/to/my/repo version: latest
Reusing generated artifacts for testing-artifact-policy-bundle (unchanged since last generate)
Scanning 38 requirements via opa for target(s): kubernetes, ci...
Scanning targets...
done
WARNING: 2 operational errors during scan:
- kubernetes: scan config missing or has no requirement IDs; run Generate first with a bundle containing
complytime-mapping.json
- ci: scan config missing or has no requirement IDs; run Generate first with a bundle containing
complytime-mapping.json
Additional context
The compliance-mapping.json is specifically for OPA. OpenSCAP uses the tailoring-file.xml and ampel will use the bundle.json
Describe the bug
The
/comply:pack-assessmentskill does not have thecompliance-mapping.jsonas part of the tasks for completion. This is required for thecomplypackbundle since it packages the.regofiles that need to be mapped to the Gemara policy bundle assessment plan requirement-ids.To Reproduce
Steps to reproduce the behavior:
compliance-mapping.jsonis thereExpected behavior
The comply:pack-assessment skill should create the
compliance-mapping.jsonand include it in the complypack bundle when publishing to ghcr.Screenshots
Resolved path/to/my/repo version: latest Reusing generated artifacts for testing-artifact-policy-bundle (unchanged since last generate) Scanning 38 requirements via opa for target(s): kubernetes, ci... Scanning targets... done WARNING: 2 operational errors during scan: - kubernetes: scan config missing or has no requirement IDs; run Generate first with a bundle containing complytime-mapping.json - ci: scan config missing or has no requirement IDs; run Generate first with a bundle containing complytime-mapping.jsonAdditional context
The
compliance-mapping.jsonis specifically for OPA. OpenSCAP uses thetailoring-file.xmlandampelwill use thebundle.json